In SP-initiated SSO, the user starts at the SP site and, instead of logging in at the SP site, SSO is initiated with the IdP.
The following diagram outlines the SP-initiated SSO flow.
- The user browses to the SP site.
- The user attempts to access a protected page requiring the user to be authenticated.
- The SP sends an authentication request to the IdP’s SSO service endpoint.
- If the user is not already authenticated at the IdP, the user must present their credentials and log in.
- The IdP sends a SAML response containing a SAML assertion to the SP.
- The SP uses the information contained in the SAML assertion, including the user’s name and any associated attributes, and performs an automatic login.
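
The following added example (not from the original page or from any particular SAML product) sketches the SP side of this flow: building the authentication request, then accepting a SAML response only if it answers a request this SP issued. The HTTP-Redirect binding, the `example.test` URLs, and all function names are assumptions made for illustration; signature, audience and validity-period checks are assumed to be handled by a SAML library before this step.

```python
import base64, secrets, urllib.parse, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
pending = set()  # request IDs this SP has issued and not yet seen answered


def build_redirect_url(idp_sso_url, sp_entity_id, acs_url):
    """SP builds an AuthnRequest and encodes it for the IdP's SSO endpoint."""
    req_id = "_" + secrets.token_hex(16)  # unpredictable ID, later echoed by the IdP
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": req_id, "Version": "2.0", "IssueInstant": now,
        "Destination": idp_sso_url, "AssertionConsumerServiceURL": acs_url})
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = sp_entity_id
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    raw = deflater.compress(ET.tostring(root)) + deflater.flush()
    pending.add(req_id)
    query = urllib.parse.urlencode({"SAMLRequest": base64.b64encode(raw).decode()})
    return req_id, f"{idp_sso_url}?{query}"


def decode_redirect_request(url):
    """What the IdP does on receipt: URL-decode, base64-decode, inflate, parse."""
    qs = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    xml = zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15)
    return ET.fromstring(xml)


def correlate_response(response_xml, acs_url):
    """Accept a SAML response only if it answers a request this SP issued.
    Returns the NameID for the automatic login, or None if rejected."""
    resp = ET.fromstring(response_xml)
    irt = resp.get("InResponseTo")
    if resp.get("Destination") != acs_url or irt not in pending:
        return None  # unsolicited, misdirected, or already-consumed response
    pending.discard(irt)  # one-time use: a replayed response is rejected
    return resp.findtext(f".//{{{SAML}}}NameID")
```

In a real deployment the pending request IDs would be stored per user session with an expiry rather than in a process-wide set.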